As a graphical link analysis tool, Maltego goes beyond just mining and mapping data points. Maltego has a number of features designed specifically to support users in reading the Maltego graphs and conducting analysis, such as bookmarks, annotations, editing links, and Entity customization.
The Maltego Entity: A Visual Piece of Information 🔗︎
Entities are used to represent different types of information and are represented as nodes on your Maltego graph and serve as the starting point of any investigation. Currently, Maltego has over 50 pre-defined Standard Entities, these are made available through installation of Maltego Standard Transforms in the Transform Hub. Users can also add their own custom Entities by creating or importing Entities, building custom integrations for their data, or via third-party data sources available in the Maltego Transform Hub.
While each Maltego Entity has a default icon to represent its data type, there are ways to adjust how an Entity looks to fit your investigative context or add visual guidance. Entity overlay is a feature that comes in handy when navigating a large, complicated graph.
Entity overlays are the tiny icons or images overlaying the edges of an Entity. They are used to mark or visually distinguish specific details of an Entity. In Maltego, the most common overlays include bookmarks and notes, as shown in the image above, and other default or custom icons.
In this article, we will be introducing two default overlays: location overlays and website favicon overlays. We will also be discussing how you can play around and customize an Entity overlay to spice up your Graph.
Location Overlays: Flagging the Geographical Component of an Entity 🔗︎
From version 4.2.0 onwards, Maltego has updated the standard Location Entity to include the location overlay feature.
Location overlay shows the default flag of a country or territory on a Location Entity according to its Country Code Property. When a Location Entity is returned by a Transform, Maltego will attempt to automatically display the corresponding location overlay i.e. the appropriate flag. However, should the appropriate flag not be displayed, you may need to manually enter the country code in the Property window of the Entity to add the location overlay.
At the moment, Maltego’s location overlay features over 190 UN member states, territories, and regions, using the ISO 3166-1 country codes. This means that territories such as Hong Kong and French Polynesia, as well as disputed areas like the West Sahara are also featured in their respective flags.
Using location overlays, you can easily distinguish multiple Location Entities on your Graph based on their country flags. This is especially useful when analyzing a large graph.
Please note that the display of location overlay is only defined by the Country Code attribution in the Entity Property. This means the location overlay might not necessarily match the Entity name if the Country Code input is false.
Website Overlays: Displaying Favicons Fetched from a Website 🔗︎
Another default overlay feature in Maltego is the website overlay, which automatically fetches a website’s favicon and displays it at the southwest corner of the Website Entity.
Favicons, as in “favorite icons”, are the tiny icons shown next to a website’s title in the browser tab or in the bookmarks section. One of the ways a browser finds the favicon is by looking for a “favicon.ico” file in the root folder of a website.
In Maltego, when a Website Entity is returned by a Transform, Maltego uses a calculated property that automatically maps to the favicon if it exists.
If you click on the Manage Entities option in the Entity Tab, find the Website Entity and then open the Edit Entity Window, you can see the Overlay Property Mapping details in the Display Settings Tab.
The calculated overlay property is derived from the main property of the Entity, namely, the FQDN (Fully Qualified Domain Name), with a “/favicon.ico” extension attached. As shown in the image above, the favicon is then mapped to the southwest overlay position as an image.
With website overlays, you are able to visually distinguish between different websites in your graph by taking a look at their favicons, which will save you time when looking for outliers.
Please note that Maltego only automatically fetches the website favicons from the internet when your Maltego Desktop Client is set to the Normal Privacy Mode. If you set Maltego to Stealth Mode, your Client will be blocked from directly fetching any image or image overlay for the Website Entity.
Adding New Overlays to an Entity 🔗︎
Aside from these default Entity overlays, Maltego also gives users the option to add new overlays to an Entity. For example, you can add a location overlay to a Person Entity, easily marking the birthplace or current residence of the Person-of-Interest.
Marking the Birthplace of a Person in a Maltego Graph for POI Investigation 🔗︎
To mark the birthplace or current residence, open the Entity Manager by clicking the Manage Entities button in the Entity Tab. Find the Person Entity in the list and click on the ellipsis button to open the Edit Entity window.
In the Additional Properties tab, click the Add Property button on the top right corner. Enter the name and display name of the new property you want to add. In this case, we are adding the “CountryofBirth” property to the Person Entity.
Next, in the Display Settings tab, we choose the position for this overlay property. We decide to place the “CountryofBirth” property we just created in the South West position and set the type to Image since we want to display the image of the country’s flag.
After editing the Entity’s overlay property, we double click on the targeted Person Entity, “John Doe.” In the Properties tab in the Details window, we now see a new property called “CountryofBirth.” By inputting the country code, we can display the corresponding location overlay on the Person Entity.
Remember to make sure that the information you enter is spelled correctly, because, fun fact: If you type in “bear”, the overlay will show the image of a bear!
Customize Maltego’s Entities for Your Organizations 🔗︎
Maltego’s Entity settings don’t just stop here. In fact, Maltego allows users to set up a wide range of customization that goes as far as creating or importing unique Entities, using your own set of icons, and adding various custom properties.
The freedom of customizing Entities enables you to reshape Maltego’s investigation environment to fit your own context and language. We encourage you to explore these possibilities and make Maltego your own investigation tool.